Arachni is a great free and open-source Web Vulnerability Scanner that can be easily installed to Kali Linux. It has an overload of features and it performs extensive scans on supplied websites. Taking this into account, Arachni is a truly underrated tool in the WVS market. In this article, we will introduce you to it and show basic examples of usage.

You can download the Arachni source code here, or, on Kali Linux, you can install it by typing

sudo apt update && sudo apt install arachni

As always, after installing, we should check what the ‘-h’ (help) command line option shows us:

Arachni – Web Application Security Scanner Framework v1.5.1
Author: Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

(With the support of the community and the Arachni Team.)

Website: http://arachni-scanner.com
Documentation: http://arachni-scanner.com/wiki

Usage: ./arachni [options] URL

Generic
-h, –help Output this message.

–version Show version information.

–daemon-friendly Enable this option when running the process in the background.

<…>

–timeout-suspend Suspend after the timeout.
You can use the generated file to resume the scan with the ‘arachni_restore’ executable.

Now that’s indeed a lot of information, but there’s no need to get scared. For this article, we won’t need most of these options (think of them as of features), but we would suggest you looking through it again after you have finished reading the article.

Anyways, let’s look into the first few lines of this long output:

<…>

Usage: ./arachni [options] URL

<…>

As we can see, the usage can be quite simple. The only required argument is the url of the target website. Let’s try and supply one

arachni http://www.megacorpone.com

Now you will see a verbose output of the scans being performed. You will notice that the scans are so extensive, that it not only do they check cookies for vulnerabilities, but they also check for possible existing webshells.

After a few minutes, the scan should be over and you should be greeted by the scan report

Great. We can see that 17 issues were found. You will notice, that the reporter lists all issues in order from highest severity to lowest. This time no high severity vulnerabilities have been found, even though a backup file has been found.

Simple as that! Now you can see that Arachni isn’t really such a scary tool and you will be able to use it on your other penetration testing engagements. That will conclude our episode on scanning for vulnerabilities with this scanner. If you found this useful, please leave share this post or consider subscribing to our newsletter. Make sure to also read our article Fileless malware with PowerShell Empire.